nimble: correct way to terminate connection when pairing key is incorrect

Post by golden911 » Sun Feb 25, 2024 4:50 pm

Hi,

I am writing firmware based on the bleprph example code. My device has a display, which I will be using to show the passkey (BLE_SM_IOACT_DISP). Currently, if I type in the incorrect passkey on my phone, "ble_gap_security_initiate" still succeeds and I connect to the device, except it is not authenticated/bonded/encrypted. In this case, I can read/write non-encrypted services. I only want to connect if it is secure. What is the correct way to do this? Currently, I have some code in the "BLE_GAP_EVENT_ENC_CHANGE" case to terminate the connection, but this does not seem correct.

My "bleprph_gap_event" code:

        case BLE_GAP_EVENT_CONNECT:
            MODLOG_DFLT(INFO, "connection %s; status=%d ", event->connect.status == 0 ? "established" : "failed", event->connect.status);
            if (event->connect.status == 0) {
                rc = ble_gap_conn_find(event->connect.conn_handle, &desc);
                assert(rc == 0);
                bleprph_print_conn_desc(&desc);
                MODLOG_DFLT(INFO, "\n");

                rc = ble_gap_security_initiate(event->connect.conn_handle);
                if (rc != 0) {
                    MODLOG_DFLT(INFO, "Security could not be initiated, rc = %d\n", rc);
                    return ble_gap_terminate(event->connect.conn_handle, BLE_ERR_REM_USER_CONN_TERM);
                } else {
                    /* rc == 0 only means the procedure was started; its outcome
                     * is reported later in BLE_GAP_EVENT_ENC_CHANGE. */
                    MODLOG_DFLT(INFO, "Connection secured\n");
                }
            } else {
                /* Connection failed; resume advertising. */
                bleprph_advertise();
            }
/*.....*/
        case BLE_GAP_EVENT_ENC_CHANGE:
            /* Encryption has been enabled or disabled for this connection. */
            MODLOG_DFLT(INFO, "encryption change event; status=%d ", event->enc_change.status);
            rc = ble_gap_conn_find(event->enc_change.conn_handle, &desc);
            assert(rc == 0);

            bleprph_print_conn_desc(&desc);
            MODLOG_DFLT(INFO, "\n");

            // XXX is this the correct way to do this??
            if(desc.sec_state.authenticated == 0 || desc.sec_state.encrypted == 0 || desc.sec_state.bonded == 0) {
                MODLOG_DFLT(INFO, "failed pairing, terminating connection\n");
                ble_store_util_delete_peer(&desc.peer_id_addr);
                /* Use the enc_change member of the event union in this case. */
                return ble_gap_terminate(event->enc_change.conn_handle, BLE_ERR_REM_USER_CONN_TERM);
            }

Config:

    /* Initialize the NimBLE host configuration. */
    ble_hs_cfg.reset_cb = bleprph_on_reset;
    ble_hs_cfg.sync_cb = bleprph_on_sync;
    ble_hs_cfg.gatts_register_cb = gatt_svr_register_cb;
    ble_hs_cfg.store_status_cb = ble_store_util_status_rr;

    ble_hs_cfg.sm_io_cap = BLE_SM_IO_CAP_DISP_ONLY;
    ble_hs_cfg.sm_bonding = 1;
    /* Enable the appropriate bit masks to make sure the keys
     * that are needed are exchanged
     */
    ble_hs_cfg.sm_our_key_dist |= BLE_SM_PAIR_KEY_DIST_ENC;
    ble_hs_cfg.sm_their_key_dist |= BLE_SM_PAIR_KEY_DIST_ENC;
    ble_hs_cfg.sm_mitm = 1;
    ble_hs_cfg.sm_sc = 1;

    /* Stores the IRK */
    ble_hs_cfg.sm_our_key_dist |= BLE_SM_PAIR_KEY_DIST_ID;
    ble_hs_cfg.sm_their_key_dist |= BLE_SM_PAIR_KEY_DIST_ID;

Any help would be very much appreciated. Thank you!
powered by coffee and air


Re: nimble: correct way to terminate connection when pairing key is incorrect

Post by MicroController » Mon Feb 26, 2024 10:47 am

// XXX is this the correct way to do this??
I believe it is. I haven't found a way to make the BT stack automatically reject insecure connections either.

Thinking about it, one could try requiring authentication/encryption for read access to the service descriptor...
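
Added example, not part of either post and not NimBLE code: a self-contained C model of the two gates discussed in this thread, the link-level check done in the encryption-change handler and the attribute-level requirement suggested in the reply. The struct, the REQ_* bits and both function names are hypothetical; in NimBLE the per-characteristic requirement is expressed with flags such as BLE_GATT_CHR_F_READ_ENC and BLE_GATT_CHR_F_READ_AUTHEN.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* ATT error codes defined by the Bluetooth Core Specification. */
#define ATT_OK                0x00
#define ATT_ERR_INSUFF_AUTHEN 0x05
#define ATT_ERR_INSUFF_ENC    0x0F

/* Hypothetical per-attribute requirement bits (model only, not NimBLE values). */
#define REQ_ENC    0x01 /* link must be encrypted */
#define REQ_AUTHEN 0x02 /* pairing must have been MITM-protected (passkey) */

/* Hypothetical mirror of the sec_state bits the post tests, plus LTK presence. */
struct link_sec {
    bool encrypted, authenticated, bonded, ltk_present;
};

/* Attribute-level gate: the ATT error a server returns for this access. */
uint8_t att_check_access(uint8_t req, const struct link_sec *s)
{
    if ((req & (REQ_ENC | REQ_AUTHEN)) == 0)
        return ATT_OK;                    /* open attribute: always readable */
    if (!s->encrypted)                    /* known peer re-encrypts, unknown peer pairs */
        return s->ltk_present ? ATT_ERR_INSUFF_ENC : ATT_ERR_INSUFF_AUTHEN;
    if ((req & REQ_AUTHEN) && !s->authenticated)
        return ATT_ERR_INSUFF_AUTHEN;     /* unauthenticated key is not enough */
    return ATT_OK;
}

/* Link-level gate: drop the link unless pairing ended fully secured. */
bool link_must_terminate(int enc_status, const struct link_sec *s)
{
    return enc_status != 0 || !s->encrypted || !s->authenticated || !s->bonded;
}

int main(void)
{
    struct link_sec failed = {0};         /* constructed: wrong passkey entered */
    printf("open attr: 0x%02X, protected attr: 0x%02X, terminate: %d\n",
           (unsigned)att_check_access(0, &failed),
           (unsigned)att_check_access(REQ_ENC | REQ_AUTHEN, &failed),
           link_must_terminate(1, &failed));
    return 0;
}
```

The model shows why the two gates complement each other: an attribute with no requirement bits stays readable on an unpaired link, so only the link-level check closes that gap, while the attribute-level check still protects data if the termination path is ever skipped.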
